Wi-Fi woes: Linksys and Netgear router models at risk from backdoor that offers access to ‘controls’

Many popular models of wireless router from brands such as Linksys and Netgear are vulnerable to a ‘backdoor’, which could allow attackers access to the router’s admin controls, according to a report by Ars Technica – potentially offering criminals full access to a home network.

The backdoor, found in various models of wireless DSL router, could allow an attacker to reset the router and, “commandeer a wireless access point and allow an attacker to get unfettered access to local network resources,” Ars reports. “The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users.”

The backdoor was discovered by French researcher Eloi Vanderbeken who claimed to have uncovered it ‘by accident’ while investigating his family’s home router, noticing that the device was ‘listening’ for commands via a TCP port. Vanderbeken was able to use this to gain administrator privileges and control functions such as resetting the password, as he explains on Github here.

Vanderbeken’s post brought a ‘flood’ of confirmations from users that other models were vulnerable. “I didn’t expect so much attention,” he said via Twitter. On Github he describes his presentation as, “A very simple backdoor that really doesn’t deserve more than some crappy slides. Moreover, my English is quite bad.”

A poster on Y Combinator said that the problem may stem from older routers manufactured by Sercomm, a manufacturer of such hardware, saying, “Many of Linksys’ old DSL modems were manufactured by them, AFAIK.. and it seems many of the noted ‘probably affected’ models have a SerComm manuf’ed device for at least one revision of that model line.”

A Reddit thread discussing the issue said that, like other recent ‘backdoors’ found in routers, it may have been left there by someone at the company, to allow for easy debugging, “Most companies turn that “testing” stuff off before you ship for reasonably obvious reasons,” one poster wrote. “Looks like someone forgot to do that, or left it in so they could debug returned routers that looked “bricked” in an easy way that worked almost all the time. I doubt it was nefarious.”

The report follows the discovery of a serious “backdoor” vulnerability in various D-Link models last year, reported by We Live Security here.

Craig Heffner, a security researcher, and former employee of the National Security Administration, claimed that the D-Link backdoor appears to have been placed deliberately – and could allow attackers access to unencrypted data, saying, “You can access the web interface without any authentication and view/change the device settings.”

D-Link issued patches for affected routers, saying, “We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.”

Jacob Holcomb, who discovered widespread vulnerabilities in popular routers last year, told CNET at the time, “Code written for these devices continues to provide inadequate security for today’s digital society, and manufacturers should be held accountable for the implementation of code that intentionally circumvents security.”